US Senator demands answers from Carrier IQ Senator and former late-night funnyman Al Franken has called on Carrier IQ to explain why its diagnostic software, buried in the bowels of 141 million smartphones, isn't a massive violation of US wiretap laws. In a letter sent to Larry Lenhart, CEO and president of the Mountain View, California-based software maker, Franken …
Ex-comedian, most serious man in congress.
I don't know if I should be more impressed with Al Franken (and I am) or suprised that the conventional political class can't do much in comparison.
For British readers: don't you wish someone had written a letter like this to start their investigation of the Phorm trials?
Are you effin serious? Norm Coleman was the one who spent untold millions of out-of-state dollars trying to turn his obvious loss around and in turn cost the state untold millions on a wild goose chase. Minnesota could certainly use that cash now.
Man, a state that gave us Governor Jesse "The Body" Ventura and Senator Al "Stuart Smalley" Franken is a state I wish I still lived in.
...they *might* get away with ignoring it or lying (I don't know) but it's not a good idea. I don't *think* either act would be considered illegal, but it would probably just piss of Frankin and co to the point where they call a formal hearing on the matter.
That last bit is the real power of an Al Frankin (or, rather, his sub-committee) in this situation. They can subpoena (i.e. legally compel) the Carrier IQ folks in to attend a hearing, under oath and threat of perjury charges if they lie, in which their only protection not to answer questions truthfully is the 5th Amendment (an Article of our Constitution which protects citizens from being forced to testify against themselves).
For more info around Congress' power to subpoena and the legal background on it this link is pretty good:
http://www.answers.com/topic/subpoena-power-of-congress
If they ignore the letter they should probably expect to receive a summons to appear before the committee Franken is the chairman of and they will appear or be dragged in by law enforcement authorities.
Answering falsely would be much worse. As it would fall under Title 18 US Code Section 1001 it would likely entail prison time for the poor sod they put up as sacrificial lamb. This is what the gov't used to get Martha Stewart since they couldn't actually prove any SEC violation but she did lie about it. Likewise Marion Jones was jailed for lying about taking steroids and not actually taking the steroids.
The wikipedia page on it says "Hubbard v. United States, 514 U.S. 695 (1995), was a United States Supreme Court case which held that 18 U.S.C. § 1001 did not apply to the judicial branch, and by implication, to the legislative branch of the Federal Government." As Congress is part of the legislative arm of government, I don't think it is covered, so lying in response to an informal letter written by a congressman is probably ok. (As opposed to lying in a response to a sub poena or in testimony to a committee, which is a different matter, but so far this guy has just written them a letter, exactly like any non-congress citizen could do, and the response is not on oath, so they can say what they like.)
That makes sense as the case you speak of pertained to a Mr. Hubbard who filed for bankruptcy protection in court and allegedly falsified information. It seems clear that subsection (a) we are speaking of would not apply inasmuch as it is excluded by subsection (b) because the bankruptcy would qualify as a judicial proceeding. I understand the Hubbard opinion cited United States v. Bramblett, 348 U.S. 503 (1955) and felt that decision to be in error but managed to avoid a direct confrontation with or revocation of that case. As it always seems with the Supremes, or any court really, it apparently depends most on who you get and what their mood is on that particular day. Also even when it seems like it should be clear to we non-lawyer types the lawyers and Justices can always make it more complicated than it really seems to be; although I agree with anything that puts some kind of binders on an overzealous justice department.
For reference:
1001 subsection (a)
"... whoever, in any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States, knowingly and willfully— (1) falsifies, conceals, or covers up by any trick, scheme, or device a material fact; ... shall be fined under this title, imprisoned not more than 5 years..."
1001 subsection (b)
"(b) Subsection (a) does not apply to a party to a judicial proceeding, or that party’s counsel, for statements, representations, writings or documents submitted by such party or counsel to a judge or magistrate in that proceeding."
This software does not all of the sudden appear on all different kinds of phones. This software is installed on the phone by someone else.
So why hound CarrierIQ, asking it if they agree that this constitutes a massive leak, privacy problem, bla bla bla? It's their software, it's their revenue selling it to the providers! Of course they will say something along the lines of 'We know nossing... Nooosssing!' (in your best Sergeant Schultz accent)
I would like to know why a Verizon, AT&T, etc. allows this software on their phones.
So far, from what i'm reading, it seems that phone X, sold in the UK, connected to a UK provider, does not contain this software, but phone X bought in the US, from a US provider, does.
What's up with that?
Just posted something that addresses this...
After a little digging, I discovered that Larry Lenhart, the CEO of Carrier IQ, is also CEO of an alternative energy corporation called Catilin, Inc. that received $44 million from the Department of Energy under Obama.
So, what you suggest is not at all implausible. The Obama Administration is not at all what it has tried to portray itself as. In fact, Obama makes Nixon look downright virtuous.
I hope this expands to the carriers - the real culprits here. Yes, they have the legal authority to monitor their network, but they can do that already without putting a rootkit on *your* phone.
From the video:
1) CarrierIQ logs form data submitted over HTTPS pages (i.e. bank passwords)
2) It logs traffic sent over *your* WIFI network
3) It continues logging and possibly reporting back to the carrier even after you cancel your service
These have nothing to do with legal monitoring that the carriers are allowed to do. This has everything to do with wiretapping - which means someone needs to go to jail, if found to be true.
This software in those OS by default, the carriers put it there and they new it. Perhaps they didn't know how 'deep' the CIQ software goes, but the are the people reponsiblity for that software being on your phone.
For me, glad I've got a Windows Phone!
I am glad for you an sad for myself, but per articles on the Internet those are carriers who requst bundling of CIQ software.
To me it looks obvious what are the most profitable smartphones on, say, AT&T - iPhone and the army of Droids - they are wiretapped, Windows phones are not.
On the other hand Verizon does not preinstall wiretapping software on their phones... I wonder if it is the right time to change my carrier.
People had to authorise the installation of this software on phone before distribution to customers. Are any of those people helping with the enquiries? What are the terms of their contract with Carrier IQ?
They're clearly a sleazy bunch, but that doesn't immediately make them culpable. When was the last time a firearms manufacturer got sued or prosecuted as the result of a shooting, hmm?
Too damned right. The Phorm problem wasn't that Phorm existed or with their software. It was that BT decided to implement it.
The only reason that things like Phorm and Carrier IQ exist is because they know damned well that the carriers are greedy, venal, amoral bastards who'll sell their own children for a load of juicy data to flog to advertisers.
Carrier IQ lied about what the software does (or is capable of).
So it's more like a firearms manufacturer stating 'don't worry - our guns only fire blanks' and THEN somebody using one to commit murder - the gunman could even argue that they thought the gun was safe to play with. Sure, the scumbag who used the gun (carriers) are culpable but the manufacturers would also have a case to answer for any deceit in the matter.
Looking forward to this one to be honest..
The video that was posted here on thereg the other day showed the guy reading a log file over USB, he wasn't using a packet sniffer and his video didn't show the data being sent off anywhere.
I said it then, and I'll say it now, I want to see proof that the data is actually being sent off somewhere and isn't just a log file on the phone.
"former late-night funnyman Al Franken"
When the blazes was Franken funny? Seriously, I remember watching SNL a lot back when he was a regular writer, and I can't say laughs could ever be attributed to him, Al Franken.
Mine's the one with the Best of Garrett Morris dvd in the pocket.
All the video shows is that it is receiving events when keypresses are made etc - there's no evidence from the video that it is actually logging and/or transmitting any of these on. It might simply be that in order to get the events it reasonably needs for diagnosing issues it has to get *everything* and then ignore the things it doesn't.
On the other hand, it could of course be logging all of this which would be bad, but compare it to for example an AV application on a PC, which does intercept a lot of things to check for viruses, but is not syphoning off any of that data etc...
CarrieriQ can ignore the letter, respond with a written canned response that is untruthful. Either action would be stupid. CarrieriQ is a privately held firm who has several investors who can't be happy about the events that have taken place up to this point. After Trevor Eckhart reported his findings, which included the company's training materials, Carrier IQ attempted to silence him with a cease-and-desist letter, demanding he replace his analysis with a statement disavowing his research. The company has since retracted its threat and apologized for its behavior, but not without first earning a black eye in the process. This is damaging enough to have caused Franken to write this letter, asking very direct questions which it would be wise for them to not ignore because he can subpoena them to appear before his sub committee and they would definitely HAVE to do that. At such a public sub committee hearing, they will be asked these pointed questions. There is no doubt that CarrieriQ won't go down alone. They will surely point the finger at the carriers and the handset manufacturers. Apple has distanced themselves from them and doesn't allow the type of privacy invasion as what's happening on Android. Their investors may quickly want to distance themselves from the impending scandal.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
